adaptive partitioning
play

Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key - PowerPoint PPT Presentation

Aug 09, 2023 •324 likes •1.16k views

Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key Encryption Accepted security notion: chosen-ciphertext security (IND-CCA) Public-Key Encryption Accepted security notion: chosen-ciphertext security

  1. Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe)

  2. Public-Key Encryption

  3. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA)

  4. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA) Dec(sk,·) pk m 0 ,m 1 Enc(pk,m b ) b' Adversary A Challenger

  5. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA) Dec(sk,·) pk m 0 ,m 1 Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible

  6. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA) Dec(sk,·) pk m 0 ,m 1 Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Observation: covers only 1-user, 1-ciphertext scenario

  7. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA) Dec(sk,·) pk m 0 ,m 1 Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Observation: covers only 1-user, 1-ciphertext scenario Hybrid argument → multi-user, multi-ciphertext security –

  8. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA) Dec(sk,·) pk m 0 ,m 1 Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Observation: covers only 1-user, 1-ciphertext scenario Hybrid argument → multi-user, multi-ciphertext security – But: security guarantees may degrade in scenario size –

  9. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA) Dec(sk,·) pk m 0 ,m 1 Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Observation: covers only 1-user, 1-ciphertext scenario Hybrid argument → multi-user, multi-ciphertext security – But: security guarantees may degrade in scenario size – So: scenario size may influence keylength recommendations –

  10. This talk

  11. This talk ● Tightly secure PKE: multi-challenge IND-CCA Dec(sk,·) pk m 0 ,m 1 repeat Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible

  12. This talk ● Tightly secure PKE: multi-challenge IND-CCA Dec(sk,·) pk m 0 ,m 1 repeat Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Goal: tight reduction to standard assumption (e.g., DDH)

  13. This talk ● Tightly secure PKE: multi-challenge IND-CCA Dec(sk,·) pk m 0 ,m 1 repeat Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Goal: tight reduction to standard assumption (e.g., DDH) Tight: reduction loss independent of # ciphertexts/queries –

  14. This talk ● Tightly secure PKE: multi-challenge IND-CCA Dec(sk,·) pk m 0 ,m 1 repeat Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Goal: tight reduction to standard assumption (e.g., DDH) Tight: reduction loss independent of # ciphertexts/queries – Enables security guarantees for arbitrary/unknown scenarios –

  15. This talk ● Tightly secure PKE: multi-challenge IND-CCA Dec(sk,·) pk m 0 ,m 1 repeat Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Goal: tight reduction to standard assumption (e.g., DDH) Tight: reduction loss independent of # ciphertexts/queries – Enables security guarantees for arbitrary/unknown scenarios – ● Difficulty: standard techniques yield non-tight reductions

  16. Tight CCA security

  17. Tight CCA security ● Tightly secure PKE: multi-challenge IND-CCA m 0 (1) ,m 1 (1) C (1) =Enc(pk,m b (1) ) … m 0 (Q) ,m 1 (Q) Adversary A Challenger C (Q) =Enc(pk,m b (Q) ) ● Standard techniques yield non-tight reductions, examples:

  18. Tight CCA security ● Tightly secure PKE: multi-challenge IND-CCA m 0 (1) ,m 1 (1) C (1) =Enc(pk,m b (1) ) … m 0 (Q) ,m 1 (Q) Adversary A Challenger C (Q) =Enc(pk,m b (Q) ) ● Standard techniques yield non-tight reductions, examples: IBE: reduction knows "punctured" sk, randomize one C (i) –

  19. Tight CCA security ● Tightly secure PKE: multi-challenge IND-CCA m 0 (1) ,m 1 (1) C (1) =Enc(pk,m b (1) ) … m 0 (Q) ,m 1 (Q) Adversary A Challenger C (Q) =Enc(pk,m b (Q) ) ● Standard techniques yield non-tight reductions, examples: IBE: reduction knows "punctured" sk, randomize one C (i) – HPS: reduction knows full sk, entropy in sk randomizes one C (i) –

  20. Tight CCA security ● Tightly secure PKE: multi-challenge IND-CCA m 0 (1) ,m 1 (1) C (1) =Enc(pk,m b (1) ) … m 0 (Q) ,m 1 (Q) Adversary A Challenger C (Q) =Enc(pk,m b (Q) ) ● Standard techniques yield non-tight reductions, examples: IBE: reduction knows "punctured" sk, randomize one C (i) – HPS: reduction knows full sk, entropy in sk randomizes one C (i) – NY (double encryption with consistency proof): make one C (i) "special" (with – simulated proof), requires simulation-soundness Difficulty: simulation-soundness in face of many simulated proofs ●

  21. Previous work / contribution

  22. Previous work / contribution Scheme |pk| |C| (KEM) Loss Assumption CS98/BBM00 3 3 O(Q) DDH KD04/BBM00 2 2 O(Q) DDH CS03 3 2 O(Q) DCR HJ12 O(1) O(λ) O(1) DLIN (PFG) LPJY15 O(λ) 47 O(λ) DLIN (PFG) H16 2 60 O(λ) DLIN (PFG) GHKW16 2λ 3 O(λ) DDH This work 24 6 O(λ) DLIN (PFG) This work 20 30 O(λ) DCR

  23. Previous work / contribution Scheme |pk| |C| (KEM) Loss Assumption CS98/BBM00 3 3 O(Q) DDH KD04/BBM00 2 2 O(Q) DDH CS03 3 2 O(Q) DCR HJ12 O(1) O(λ) O(1) DLIN (PFG) LPJY15 O(λ) 47 O(λ) DLIN (PFG) H16 2 60 O(λ) DLIN (PFG) GHKW16 2λ 3 O(λ) DDH This work 24 6 O(λ) DLIN (PFG) This work 20 30 O(λ) DCR ● This work: not yet practical, but conceptual progress

  24. Previous work / contribution Scheme |pk| |C| (KEM) Loss Assumption CS98/BBM00 3 3 O(Q) DDH KD04/BBM00 2 2 O(Q) DDH CS03 3 2 O(Q) DCR HJ12 O(1) O(λ) O(1) DLIN (PFG) LPJY15 O(λ) 47 O(λ) DLIN (PFG) H16 2 60 O(λ) DLIN (PFG) GHKW16 2λ 3 O(λ) DDH This work 24 6 O(λ) DLIN (PFG) This work 20 30 O(λ) DCR ● This work: not yet practical, but conceptual progress Generic new techniques to randomize challenge ciphertexts –

  25. Previous work / contribution Scheme |pk| |C| (KEM) Loss Assumption CS98/BBM00 3 3 O(Q) DDH KD04/BBM00 2 2 O(Q) DDH CS03 3 2 O(Q) DCR HJ12 O(1) O(λ) O(1) DLIN (PFG) LPJY15 O(λ) 47 O(λ) DLIN (PFG) H16 2 60 O(λ) DLIN (PFG) GHKW16 2λ 3 O(λ) DDH This work 24 6 O(λ) DLIN (PFG) This work 20 30 O(λ) DCR ● This work: not yet practical, but conceptual progress Generic new techniques to randomize challenge ciphertexts – Yields first DCR-based tightly secure PKE scheme –

  26. Previous work / contribution Scheme |pk| |C| (KEM) Loss Assumption CS98/BBM00 3 3 O(Q) DDH KD04/BBM00 2 2 O(Q) DDH CS03 3 2 O(Q) DCR HJ12 O(1) O(λ) O(1) DLIN (PFG) LPJY15 O(λ) 47 O(λ) DLIN (PFG) H16 2 60 O(λ) DLIN (PFG) GHKW16 2λ 3 O(λ) DDH This work 24 6 O(λ) DLIN (PFG) This work 20 30 O(λ) DCR ● This work: not yet practical, but conceptual progress Generic new techniques to randomize challenge ciphertexts – Yields first DCR-based tightly secure PKE scheme – ● Remaining talk: overview over new techniques

  27. Basic strategy

  28. Basic strategy ● This work: not yet practical, but conceptual progress – Generic new techniques to randomize challenge ciphertexts – Yields first DCR-based tightly secure PKE scheme ● Remaining talk: overview over new techniques ● Starting point: Naor-Yung double encryption: C = ( C 0 =Enc(pk 0 ,M 0 ), C 1 =Enc(pk 1 ,M 1 ), π )

  29. Basic strategy ● This work: not yet practical, but conceptual progress – Generic new techniques to randomize challenge ciphertexts – Yields first DCR-based tightly secure PKE scheme ● Remaining talk: overview over new techniques ● Starting point: Naor-Yung double encryption: C = ( C 0 =Enc(pk 0 ,M 0 ), C 1 =Enc(pk 1 ,M 1 ), π ) Consistency proof: proves that M 0 =M 1

  30. Naor-Yung encryption

  31. Naor-Yung encryption C = ( C 0 =Enc(pk 0 ,M 0 ), C 1 =Enc(pk 1 ,M 1 ), π ) ● One (known) way to prove Naor-Yung secure:

  32. Naor-Yung encryption C = ( C 0 =Enc(pk 0 ,M 0 ), C 1 =Enc(pk 1 ,M 1 ), π ) ● One (known) way to prove Naor-Yung secure: 0) IND-CCA experiment (many challenges), use sk 0 to decrypt

  33. Naor-Yung encryption C = ( C 0 =Enc(pk 0 ,M 0 ), C 1 =Enc(pk 1 ,M 1 ), π ) ● One (known) way to prove Naor-Yung secure: 0) IND-CCA experiment (many challenges), use sk 0 to decrypt NIZK ind. 1) simulate all proofs π (using NIZK simulator) in challenges

  34. Naor-Yung encryption C = ( C 0 =Enc(pk 0 ,M 0 ), C 1 =Enc(pk 1 ,M 1 ), π ) ● One (known) way to prove Naor-Yung secure: 0) IND-CCA experiment (many challenges), use sk 0 to decrypt NIZK ind. 1) simulate all proofs π (using NIZK simulator) in challenges CPA 2) randomize all M 1 in challenges

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NETWORKONCHIPASSISTED ADAPTIVE PARTITIONING AND ISOLATION FOR DYNAMIC HOMOGENEOUS

NETWORKONCHIPASSISTED ADAPTIVE PARTITIONING AND ISOLATION FOR DYNAMIC HOMOGENEOUS

NETWORKONCHIPASSISTED ADAPTIVE PARTITIONING AND ISOLATION FOR DYNAMIC HOMOGENEOUS MANYCORES Davide Bertozzi MPSoC Research Group University of Ferrara Italy email : davide.bertozzi@unife.it A collaboration with Jos

617 views • 35 slides
An Adaptive Bloom Filter Cache Partitioning Scheme for Multicore Architectures Konstantinos

An Adaptive Bloom Filter Cache Partitioning Scheme for Multicore Architectures Konstantinos

An Adaptive Bloom Filter Cache Partitioning Scheme for Multicore Architectures Konstantinos Nikas Computing Systems Laboratory NTU Athens, Greece Matthew Horsnell, Jim Garside Advanced Processor Technologies Group University of Manchester

692 views • 32 slides
RUNTIME SUPPORT FOR ADAPTIVE SPATIAL PARTITIONING AND INTER-KERNEL COMMUNICATION ON GPUS Yash

RUNTIME SUPPORT FOR ADAPTIVE SPATIAL PARTITIONING AND INTER-KERNEL COMMUNICATION ON GPUS Yash

RUNTIME SUPPORT FOR ADAPTIVE SPATIAL PARTITIONING AND INTER-KERNEL COMMUNICATION ON GPUS Yash Ukidave , Perhaad Mistry , Charu Kalra , Dana Schaa and David Kaeli Department of Electrical and Computer Engineering Northeastern

502 views • 23 slides
Planar: Parallel Lightweight Architecture-Aware Adaptive Graph Repartitioning Angen Zheng ,

Planar: Parallel Lightweight Architecture-Aware Adaptive Graph Repartitioning Angen Zheng ,

Planar: Parallel Lightweight Architecture-Aware Adaptive Graph Repartitioning Angen Zheng , Alexandros Labrinidis, and Panos K. Chrysanthis University of Pittsburgh 1 Graph Partitioning Applications of Graph Partitioning Scientific

642 views • 46 slides
1 1 Slide 5 Slide 6 Partitioning and Load Balancing Partitioning Goals Assignment of

1 1 Slide 5 Slide 6 Partitioning and Load Balancing Partitioning Goals Assignment of

Slide 2 Outline Tutorial: Partitioning, Load Balancing Part 1: and the Zoltan Toolkit Partitioning and load balancing Owner computes approach Static vs. dynamic partitioning Models and algorithms Geometric (RCB, SFC)

589 views • 25 slides
Partitioning Introduction to Partitioning Mahapatra-Texas A&M-Spring02 1 System

Partitioning Introduction to Partitioning Mahapatra-Texas A&M-Spring02 1 System

Partitioning Introduction to Partitioning Mahapatra-Texas A&M-Spring02 1 System partitioning System level partitioning problem Assignment of operations to hardware or software Assignment of an operation to HW or SW determines

445 views • 18 slides
Territory partitioning is ... art Territory Partitioning for Minimalist Gossiping Robots

Territory partitioning is ... art Territory Partitioning for Minimalist Gossiping Robots

Territory partitioning is ... art Territory Partitioning for Minimalist Gossiping Robots Francesco Bullo Center for Control, Dynamical Systems & Computation University of California at Santa Barbara http:/ /motion.mee.ucsb.edu Johns

100 views • 6 slides
Partitioning and Divide-and- Conquer Strategies Partitioning Strategies Partitioning simply

Partitioning and Divide-and- Conquer Strategies Partitioning Strategies Partitioning simply

Partitioning and Divide-and- Conquer Strategies Partitioning Strategies Partitioning simply divides the problem into parts Example - Adding a sequence of numbers We might consider dividing the sequence into m parts of n / m numbers each, ( x 0

514 views • 33 slides
Partitioning Decompose computation into tasks to equi-distribute the data and work, minimize

Partitioning Decompose computation into tasks to equi-distribute the data and work, minimize

Lecture 12: Partitioning and Load Balancing G63.2011.002/G22.2945.001 November 16, 2010 thanks to Schloegel,Karypis and Kumar survey paper and Zoltan website for many of todays slides and pictures Partitioning Decompose

837 views • 52 slides
Investigating hypergraph-partitioning-based sparse matrix partitioning methods Bora U car

Investigating hypergraph-partitioning-based sparse matrix partitioning methods Bora U car

Outline Investigating hypergraph-partitioning-based sparse matrix partitioning methods Bora U car ro:ma, Lyon, France 22 October 2009 Jointly with Umit V. C ataly urek (VMWIP) 1/37 Hypergraph partitioning Outline Outline

490 views • 37 slides
Partitioning under the hood in MySQL 5.5 Mattias Jonsson, Partitioning developer Mikael

Partitioning under the hood in MySQL 5.5 Mattias Jonsson, Partitioning developer Mikael

<Insert Picture Here> Partitioning under the hood in MySQL 5.5 Mattias Jonsson, Partitioning developer Mikael Ronstrm, Partitioning author Who are we? Mikael is a founder of the technology behind NDB Cluster (MySQL Cluster)

379 views • 35 slides
Sparse matrix partitioning, ordering, and visualisation by Mondriaan 3.0 Outline Partitioning

Sparse matrix partitioning, ordering, and visualisation by Mondriaan 3.0 Outline Partitioning

Sparse matrix partitioning, ordering, and visualisation by Mondriaan 3.0 Outline Partitioning Matrix-vector Rob H. Bisseling, Albert-Jan Yzelman, Bas Fagginger Auer Movies Hypergraphs Ordering Mathematical Institute, Utrecht University SBD

468 views • 26 slides
Power grid partitioning Data-Driven Partitioning of Power Networks Via Koopman Mode

Power grid partitioning Data-Driven Partitioning of Power Networks Via Koopman Mode

Power grid partitioning Data-Driven Partitioning of Power Networks Via Koopman Mode Analysis by Raak, Susuki and Hikihara Presented by Andr and Pontus http://energy.gov/sites/prod/files/oeprod/DocumentsandMedia/BlackoutFinal-Web.pdf 2

411 views • 27 slides
Background MapReduce Model SCOPE Language and Cosmos system Advanced partitioning

Background MapReduce Model SCOPE Language and Cosmos system Advanced partitioning

Nian Ke David R . Cheriton School of Computer Science University of Waterloo Background MapReduce Model SCOPE Language and Cosmos system Advanced partitioning techniques Partial Partitioning Hash-Based Partitioning

543 views • 26 slides
Some Results on the Online Partitioning of Permutations Benjamin Leroy-Beaulieu 1 Marc Demange 2 1

Some Results on the Online Partitioning of Permutations Benjamin Leroy-Beaulieu 1 Marc Demange 2 1

Preliminaries Isotone Partitioning Monotone Partitioning Conclusion Some Results on the Online Partitioning of Permutations Benjamin Leroy-Beaulieu 1 Marc Demange 2 1 IMA-ROSO Ecole Polytechnique Fdrale de Lausanne 2 Dpartment SID

929 views • 75 slides
Partitioning Problem and Usage Lecture 8 CSCI 4974/6971 26 Sep 2016 1 / 14 Todays Biz 1.

Partitioning Problem and Usage Lecture 8 CSCI 4974/6971 26 Sep 2016 1 / 14 Todays Biz 1.

Partitioning Problem and Usage Lecture 8 CSCI 4974/6971 26 Sep 2016 1 / 14 Todays Biz 1. Reminders 2. Review 3. Graph Partitioning overview 4. Graph Partitioning Small-world Graphs 5. Partitioning Usage example 2 / 14 Todays Biz 1.

1.47k views • 102 slides
Preventing Shoulder Surfing using Randomized Augmented Reality Keyboards Anindya Maiti, Murtuza

Preventing Shoulder Surfing using Randomized Augmented Reality Keyboards Anindya Maiti, Murtuza

Preventing Shoulder Surfing using Randomized Augmented Reality Keyboards Anindya Maiti, Murtuza Jadliwala, and Chase Weber March 13, 2017 Table of Contents 1. Introduction 2. Related Work 3. Adversary Model 4. Proposed Defense Model 5.

920 views • 26 slides
(Randomized) Localized Model Order Reduction Kathrin Smetana (University of Twente) March 24,

(Randomized) Localized Model Order Reduction Kathrin Smetana (University of Twente) March 24,

(Randomized) Localized Model Order Reduction Kathrin Smetana (University of Twente) March 24, 2020 ICERM Workshop Algorithms for Dimension and Complexity Reduction K Smetana (k.smetana@utwente.nl) Localized Model Order Reduction March

1.23k views • 88 slides
Random Methods for Large-Scale Linear Problems, Variational Inequalities, and Convex Optimization

Random Methods for Large-Scale Linear Problems, Variational Inequalities, and Convex Optimization

Random Methods for Large-Scale Linear Problems, Variational Inequalities, and Convex Optimization Doctoral Thesis Defense Mengdi Wang Laboratory for Information and Decision Systems (LIDS) Massachusetts Institute of Technology April 1st, 2013

512 views • 38 slides
Potential outcomes and randomized experiments Frank Venmans University of Mons

Potential outcomes and randomized experiments Frank Venmans University of Mons

Potential outcomes and randomized experiments Frank Venmans University of Mons frank.venmans@umons.ac.be November 28, 2016 Frank Venmans (UMons) Causal inference November 28, 2016 1 / 20 Overview Potential outcomes and selection bias 1

536 views • 20 slides
Verifiable Elections That Scale for Free Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Verifiable Elections That Scale for Free Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Verifiable Elections That Scale for Free Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR Cambridge) Anna Lysyanskaya (Brown University) Sarah Meiklejohn (UC San Diego) 1 10,000-foot view of cryptographic voting 2 10,000-foot view of

2.01k views • 146 slides
8. Average-Case Analysis of Algorithms + Randomized Algorithms 1 insertion sort Array A[1]

8. Average-Case Analysis of Algorithms + Randomized Algorithms 1 insertion sort Array A[1]

CSE 312, Autumn 2012, W.L.Ruzzo 8. Average-Case Analysis of Algorithms + Randomized Algorithms 1 insertion sort Array A[1] A[n] Sorted for i = 2 n-1 { T = A[i] j j = i-1 compare i Unsorted while j >= 0 && T

638 views • 17 slides
Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site

Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site

Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks Matthew Van Gundy and Hao Chen University of California, Davis 16th Annual Network & Distributed System Security Symposium

1.08k views • 80 slides
How to Make ASLR Win the Clone Wars: Runtime Re-Randomization Kangjie Lu , Stefan Nrnberger,

How to Make ASLR Win the Clone Wars: Runtime Re-Randomization Kangjie Lu , Stefan Nrnberger,

How to Make ASLR Win the Clone Wars: Runtime Re-Randomization Kangjie Lu , Stefan Nrnberger, Michael Backes, and Wenke Lee Georgia Tech, CISPA, Saarland University, MPI-SWS, DFKI RuntimeASLR 1 What did we do? We re-randomize the memory

833 views • 44 slides

More recommend